Описание
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
Ссылки
- Issue TrackingThird Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Issue TrackingVendor Advisory
- ExploitIssue TrackingThird Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Issue TrackingVendor Advisory
- ExploitIssue TrackingThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Одновременно
Одно из
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ...
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2